Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

51 – 60 of 115 results


CVE-2016-9775

Medium priority

Some fixes available 9 of 12

The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before...

3 affected packages

tomcat6, tomcat7, tomcat8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat6 Not in release Not in release Not in release Not in release Not affected
tomcat7 Not in release Not in release Not in release Not affected Fixed
tomcat8 Not in release Not in release Not in release Fixed Fixed
Show less packages

CVE-2016-9774

Medium priority

Some fixes available 9 of 12

The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before...

3 affected packages

tomcat6, tomcat7, tomcat8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat6 Not in release Not in release Not in release Not in release Not affected
tomcat7 Not in release Not in release Not in release Not affected Fixed
tomcat8 Not in release Not in release Not in release Fixed Fixed
Show less packages

CVE-2016-8735

High priority

Some fixes available 10 of 13

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The...

3 affected packages

tomcat6, tomcat7, tomcat8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat6 Not in release Not in release Not in release Not in release Fixed
tomcat7 Not in release Not in release Not in release Not affected Fixed
tomcat8 Not in release Not in release Not in release Fixed Fixed
Show less packages

CVE-2016-6816

Medium priority

Some fixes available 10 of 13

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction...

3 affected packages

tomcat6, tomcat7, tomcat8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat6 Not in release Not in release Not in release Not in release Fixed
tomcat7 Not in release Not in release Not in release Not affected Fixed
tomcat8 Not in release Not in release Not in release Fixed Fixed
Show less packages

CVE-2016-6797

Low priority

Some fixes available 5 of 10

The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those...

3 affected packages

tomcat6, tomcat7, tomcat8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat6 Not in release Not in release Not in release Not in release Fixed
tomcat7 Not in release Not in release Not in release Not affected Fixed
tomcat8 Not in release Not in release Not in release Not affected Fixed
Show less packages

CVE-2016-6796

Low priority

Some fixes available 5 of 10

A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of...

3 affected packages

tomcat6, tomcat7, tomcat8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat6 Not in release Not in release Not in release Not in release Fixed
tomcat7 Not in release Not in release Not in release Not affected Fixed
tomcat8 Not in release Not in release Not in release Not affected Fixed
Show less packages

CVE-2016-6794

Low priority

Some fixes available 5 of 10

When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70,...

3 affected packages

tomcat6, tomcat7, tomcat8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat6 Not in release Not in release Not in release Not in release Fixed
tomcat7 Not in release Not in release Not in release Not affected Fixed
tomcat8 Not in release Not in release Not in release Not affected Fixed
Show less packages

CVE-2016-5018

Medium priority

Some fixes available 4 of 9

In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that...

3 affected packages

tomcat6, tomcat7, tomcat8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat6 Not in release Not in release Not in release Not in release Not affected
tomcat7 Not in release Not in release Not in release Not affected Fixed
tomcat8 Not in release Not in release Not in release Not affected Fixed
Show less packages

CVE-2016-0762

Low priority

Some fixes available 5 of 9

The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This...

3 affected packages

tomcat6, tomcat7, tomcat8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat6 Not in release Not in release Fixed
tomcat7 Not in release Not affected Fixed
tomcat8 Not in release Not affected Fixed
Show less packages

CVE-2016-1000031

Negligible priority
Ignored

Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution

4 affected packages

libcommons-fileupload-java, tomcat6, tomcat7, tomcat8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libcommons-fileupload-java Ignored
tomcat6 Ignored
tomcat7 Ignored
tomcat8 Ignored
Show less packages